Rapid7 Vulnerability & Exploit Database

Symantec Endpoint Protection: Local Client ADC Buffer Overflow (CVE-2014-3434)

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

Symantec Endpoint Protection: Local Client ADC Buffer Overflow (CVE-2014-3434)

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
08/06/2014
Created
07/25/2018
Added
08/08/2014
Modified
10/05/2021

Description

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

Solution(s)

  • symantec-endpoint-protection-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;